Simple MEAN stack tutorials

Recent Posts

NOTE: This post requires that you have a web app set up through Facebook, Google, Twitter and/or LinkedIn before continuing. To learn what OAuth is and/or how to set it up, check out my post entitled, “What is OAuth and How Does it Work?”

Mean.js supports OAuth right out of the box, but it takes a bit of setting up. The configuration files are found in /config/env/. The default file is ‘development.js’. All that’s necessary to install basic OAuth for user authentication is to fill in the ‘ClientId’, ‘ClientSecret’ and ‘callbackUrl’ elements with their respective values. Make sure your callback URL has been registered as allowed with your app!

Because all OAuth user data can be loaded using AngularJS directly into the user’s browser, if you don’t need to record data about your user you can just grab anything you want directly with Angular. Server-side OAuth should really be reserved for logging in and out. If I’m wrong or missing something, comment and let me...

OAuth is an open-source, universal security method web apps use to connect to services like Google, Facebook, LinkedIn and Twitter in order to access login and user information. Let’s check out how OAuth works, using Google as an example:

Get an OAuth web app from Google

This app is obtained by the application developer (you) and contains several elements:

- The app ID, which uniquely identifies your app.
- The app secret, which only you and Google should ever see.
- Various access rules that help secure where Google will send your user’s data.

Here are links for web app registration for Google, Facebook, LinkedIn and Twitter

Install the app ID and app secret on your server

This varies based on your solution (here’s how you set it up in mean.js), but the app secret should never be accessible to the public.

Authenticate the User

When a user requests to log into your site, you send them a URL they will visit in order to request permissions from Google. This URL includes three things:

- The app ID.
- Short codes for the permissions you’re asking for. These permissions can range from viewing the user’s Google email address to posting for them on Google Plus.
- A callback URL to which the user will be redirected after logging in. This URL is usually located on your website.

The user visits the secure URL, and Google registers their request as having come from your app. The user can now see the permissions you requested and is prompted to enter their credentials. Google then creates a unique access token that has been encrypted with the app secret and which only your server can read....
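As an added example (not code from the original post or from mean.js), here is one way to build the login URL from the three things listed above and to check the redirect that arrives back on the callback URL. It goes slightly beyond the excerpt by using the authorization-code response type and a `state` value; the app ID, callback URL and function names are constructed placeholders.

```javascript
// Added example: all values are constructed placeholders, not real credentials.
const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Hypothetical app registration. The app secret is deliberately absent: it
// stays on the server and never appears in a URL sent to the browser.
const REGISTRATION = {
  appId: 'EXAMPLE_APP_ID',
  allowedCallbacks: ['https://myapp.example/auth/google/callback'],
};

// Build the URL the user visits: app ID, permission short codes, callback URL.
// `state` is an unguessable per-login value the caller generates with a CSPRNG
// and stores in the user's session (an assumption, not from the post).
function buildLoginUrl(registration, scopes, callbackUrl, state) {
  // Exact match only: prefix or substring checks let look-alike URLs through.
  if (!registration.allowedCallbacks.includes(callbackUrl)) {
    throw new Error('callback URL is not registered for this app');
  }
  if (!Array.isArray(scopes) || scopes.length === 0) {
    throw new Error('at least one permission (scope) is required');
  }
  if (typeof state !== 'string' || state.length < 16) {
    throw new Error('state must be a long random string');
  }
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.searchParams.set('client_id', registration.appId);
  url.searchParams.set('scope', scopes.join(' '));
  url.searchParams.set('redirect_uri', callbackUrl);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  return url.toString();
}

// Inspect the request that lands on the callback URL after the user logs in.
function readCallback(callbackRequestUrl, expectedState) {
  const params = new URL(callbackRequestUrl).searchParams;
  // A missing or different state means this redirect was not started by us.
  if (params.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (params.has('error')) {
    return { ok: false, reason: params.get('error') };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing code' };
  return { ok: true, code };
}
```

The server then exchanges the returned code for tokens over a back-channel request that carries the app secret, which is why the secret never needs to leave the server.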